Paul Schreiber <[EMAIL PROTECTED]> writes:
> I am writing some URL parsing code in python (sssh! :-) and decided to see
> how LWP solved my problem ... well, it doesn't.
>
> What my web client is doing is logging in to a site using basic
> authentication. The problem arises because the userid has a slash in it.
>
> Example: userid = test/ing
> password = foobar
>
> note that %2f is the encoded version of /.
>
> hence, the URL would look like:
> http://test%2fing:[EMAIL PROTECTED]/page.html
>
> this works fine in netscape 4.7/linux, but it chokes LWP.
>
> use LWP::Simple;
> print get("http://test%2fing:foobar\@www.whatever.com/bar.html");
>
> putting the / in unencoded doesn't work either:
> print get("http://test/ing:foobar\@www.whatever.com/bar.html");
>
> (if you don't encode the slash, you have an ambiguous URL, and you could
> interpret the host as being "test" in this case.)
>
> I've looked at RFCs 2617 (HTTP Auth), 1738 (URLs) and 2616 (HTTP 1.1).
>
> [1] RFC 2617 says userids can contain anything besides a colon (:). Passwords
> can be *anything*.
>
> [2] RFC 2616 and 1738 do not state that userid:password@ are allowed parts of
> a http URL.
>
> [3] RFC 1738 says to encode characters such as ":" and "@" when used in the
> userid/password portions of URLs; however, they're mostly talking about ftp
> and so on, since [2].
>
> any thoughts?
Try this patch:
Index: lib/LWP/Simple.pm
===================================================================
RCS file: /home/cvs/aas/perl/mods/libwww-perl/lib/LWP/Simple.pm,v
retrieving revision 1.32
diff -u -p -u -r1.32 Simple.pm
--- lib/LWP/Simple.pm 1999/03/20 07:37:36 1.32
+++ lib/LWP/Simple.pm 2000/05/24 09:26:30
@@ -273,7 +273,7 @@ sub _get
{
my $url = shift;
my $ret;
- if (!$FULL_LWP && $url =~ m,^http://([^/:]+)(?::(\d+))?(/\S*)?$,) {
+ if (!$FULL_LWP && $url =~ m,^http://([^/:\@]+)(?::(\d+))?(/\S*)?$,) {
my $host = $1;
my $port = $2 || 80;
my $path = $3;
Index: lib/LWP/Protocol/http.pm
===================================================================
RCS file: /home/cvs/aas/perl/mods/libwww-perl/lib/LWP/Protocol/http.pm,v
retrieving revision 1.49
diff -u -p -u -r1.49 http.pm
--- lib/LWP/Protocol/http.pm 2000/04/09 19:06:46 1.49
+++ lib/LWP/Protocol/http.pm 2000/05/24 09:30:55
@@ -74,7 +74,9 @@ sub _fixup_header
# not really support specification of user and password, but
# we allow it.
if (defined($1) && not $h->header('Authorization')) {
- $h->authorization_basic(split(":", $1));
+ require URI::Escape;
+ $h->authorization_basic(map URI::Escape::uri_unescape($_),
+ split(":", $1));
}
}
Regards,
Gisle
